django-restit 4.2.164__py3-none-any.whl → 4.2.166__py3-none-any.whl

account/models/device.py

@@ -6,6 +6,8 @@ from rest import settings
 from objict import objict
 from datetime import datetime
 
+from rest import helpers as rh
+
 CM_BACKENDS = objict()
 DEVICE_USE_BUID = settings.get("DEVICE_USE_BUID", False)
 
@@ -85,8 +87,9 @@ class MemberDevice(models.Model, rm.RestModel, rm.MetaDataModel):
                 md.state = 1
             md.touch(request.ip)
             metadata = request.DATA.get("device_metadata", None)
-            if isinstance(metadata, dict):
-                md.set_metadata(metadata)
+            rh.debug("md.metadata", metadata)
+            if metadata is not None:
+                md.setProperty("device", metadata)
             return md
         md = MemberDevice(
             uuid=device_id, buid=buid,
@@ -100,8 +103,8 @@ class MemberDevice(models.Model, rm.RestModel, rm.MetaDataModel):
         md.save()
         md.setProperty("user_agent", request.META.get('HTTP_USER_AGENT', ''))
         metadata = request.DATA.get("device_metadata", None)
-        if isinstance(metadata, dict):
-            md.set_metadata(metadata)
+        if metadata is not None:
+            md.setProperty("device", metadata)
         return md
 
     @classmethod

{django_restit-4.2.164.dist-info → django_restit-4.2.166.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: django-restit
-Version: 4.2.164
+Version: 4.2.166
 Summary: A Rest Framework for DJANGO
 License: MIT
 Author: Ian Starnes

{django_restit-4.2.164.dist-info → django_restit-4.2.166.dist-info}/RECORD

@@ -26,7 +26,7 @@ account/migrations/0021_alter_cloudcredentials_group.py,sha256=zoFYmE-hd3uRGX6DR
 account/migrations/0022_alter_memberdevice_modified.py,sha256=9eeKcdr9p6qFJ8ZxSnKSj1KxZjW8NZfM0YCMck6i0QQ,424
 account/migrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 account/models/__init__.py,sha256=cV_lMnT2vL_mjiYtT4hlcIHo52ocFbGSNVkOIHHLXZY,385
-account/models/device.py,sha256=2XT45W5iRGFFZlD5-nnypuR6BlscVbfsS1azxoeHj3Y,6222
+account/models/device.py,sha256=8D-Sbv9PZWAnX6UVpp1lNJ03P24fknNnN1VOhqY7RVg,6306
 account/models/feeds.py,sha256=vI7fG4ASY1M0Zjke24RdnfDcuWeATl_yR_25jPmT64g,2011
 account/models/group.py,sha256=N9Ow7AtV4xN5zSE9E5-msthJy0G5-3DEr2MTmvFO1kU,22887
 account/models/legacy.py,sha256=zYdtv4LC0ooxPVqWM-uToPwV-lYWQLorSE6p6yn1xDw,2720
@@ -95,7 +95,7 @@ inbox/utils/parsing.py,sha256=y_71dwz8bm3JvF35ol8698XJ36sBF8fQWUrn0sYd2Fs,5597
 inbox/utils/render.py,sha256=CU_F2qUBQE7mjb9Q6Dn9ro5CS_O_zEY-wDMHEClKkIA,4331
 inbox/utils/sending.py,sha256=BKelTZnbkdSLGpjOY6IRTrzj-Hnw2pPZ7RYQGwe-tqk,2179
 incident/README.md,sha256=4vbZTJj7uUmq8rogYngxqNYjFTlBOujfWUGheLoFKMc,1114
-incident/__init__.py,sha256=xgdt3z3z7ygjWv5HxhiWgBtB2W3IUJmmR88NSyUeHuo,3455
+incident/__init__.py,sha256=FXNMmcGP6YAKjwik84ppze33uL0kDTa7YFr3aOEXhhk,3658
 incident/migrations/0001_initial.py,sha256=KmJRau3a2QFRaUwUrFUgY2p7FQZCODv3F-Sl0ZArpu0,9720
 incident/migrations/0002_event_component_event_component_id.py,sha256=Qfu3ndJKh4v7953ULTUZlSa3mVI-lnFIq9VFN1Rbs7Q,595
 incident/migrations/0003_rule_action.py,sha256=LNqV52qOjxxe3L8qEdln-Hd2voFcpyjOZ_cEsasrv7s,425
@@ -111,17 +111,18 @@ incident/migrations/0012_rule_match_by.py,sha256=PGclGnnc_8JEsJZ8znoXm-iAC6Y0i2W
 incident/migrations/0013_rulecheck_is_required.py,sha256=cL7tOj5XGPpKd2f5BojIKfNJeDB1IL-jGRU6-g-Co5o,387
 incident/migrations/0014_event_group_alter_rulecheck_index.py,sha256=v3gm5k0LVoas27qUDOt7el7YtK4yjFVLeEpuFUCoXaQ,724
 incident/migrations/0015_rule_title_template_alter_incident_state.py,sha256=FPUDhFwqBC39EjeknRT7BPddEf6ExCjsXVb9LMqIn3U,687
+incident/migrations/0016_rule_notify_template.py,sha256=4WGdMxiELujLIy9bzHovHWbAORupodN1Ty3vsy3mLjg,425
 incident/migrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 incident/models/__init__.py,sha256=NMphuhb0RTMf7Ov4QkNv7iv6_I8Wtr3xQ54yjX_a31M,209
 incident/models/event.py,sha256=FEzEKKQKLkdRrPCvv-3Um9E2UPQjyIJp314Zr2LHuiw,7976
-incident/models/incident.py,sha256=5unJbVcjK05moXPrmq4S9aqGW6ysIzRxD4lp_HowKLs,21940
+incident/models/incident.py,sha256=dSveWs0VawYePeFxwZT8ni85CS_4jxpGV8nXPVGXokk,22607
 incident/models/ossec.py,sha256=eUDRGawzuLWobKEVGKfdZisDnyjS_Hlxi0T_GCSLCCI,2252
-incident/models/rules.py,sha256=aRkJ0ZnTv87nAUC1sHVkPExfb3OJ8fgHQIhnCIpIbhQ,7001
+incident/models/rules.py,sha256=PPp8oJDW1gop9i_21lhP50qgt_TrdWErp2mYqZCMfd4,7065
 incident/models/ticket.py,sha256=S3kqGQpYLE6Y4M9IKu_60sgW-f592xNr8uufqHnvDoU,2302
 incident/parsers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 incident/parsers/ossec.py,sha256=fouUsSnrdkEuqDzJ-MxmCP7ny5pCGFS3Tyf6lQSMBc4,11609
 incident/periodic.py,sha256=eX1rQK6v65A9ugofTvJPSmAWei6C-3EYgzCMuGZ03jM,381
-incident/rpc.py,sha256=sFHN1BTTPx-yYd6iCOpcGsKVHZPcD7LWcRcR0XsVquE,8768
+incident/rpc.py,sha256=y1u_op8PiWI4kUVD_DsKXmygdxRDBDxudCFGp829s3E,9056
 incident/templates/email/incident_change.html,sha256=tQYphypwLukkVdwH0TB2Szz2VEJ7GnsfRS3_ZJ-MYeE,13895
 incident/templates/email/incident_msg.html,sha256=MZdKhTddUF2MpiH8Z3RTQEmW_ko1n3ajeZ11KLtiLlU,13780
 incident/templates/email/incident_new.html,sha256=W6nwFQROnyDfMlXub8s02ws4hGnJp16pfgp9xTm_aEc,15185
@@ -378,7 +379,7 @@ pushit/utils.py,sha256=IeTCGa-164nmB1jIsK1lu1O1QzUhS3BKfuXHGjCW-ck,2121
 rest/.gitignore,sha256=TbEvWRMnAiajCTOdhiNrd9eeCAaIjRp9PRjE_VkMM5g,118
 rest/README.md,sha256=V3ETc-cJu8PZIbKr9xSe_pA4JEUpC8Dhw4bQeVCDJPw,5460
 rest/RemoteEvents.py,sha256=nL46U7AuxIrlw2JunphR1tsXyqi-ep_gD9CYGpYbNgE,72
-rest/__init__.py,sha256=OHP0LpCorLpmS0bdBI3QI-eOYtwdkh6DTH6YgR3KOUg,122
+rest/__init__.py,sha256=0TxtckfR2izNmII4ddcJuIksqIVi3UW_LKZ9O-p_E4E,122
 rest/arc4.py,sha256=y644IbF1ec--e4cUJ3KEYsewTCITK0gmlwa5mJruFC0,1967
 rest/cache.py,sha256=1Qg0rkaCJCaVP0-l5hZg2CIblTdeBSlj_0fP6vlKUpU,83
 rest/crypto/__init__.py,sha256=Tl0U11rgj1eBYqd6OXJ2_XSdNLumW_JkBZnaJqI6Ldw,72
@@ -514,7 +515,7 @@ ws4redis/servers/uwsgi.py,sha256=VyhoCI1DnVFqBiJYHoxqn5Idlf6uJPHvfBKgkjs34mo,172
 ws4redis/settings.py,sha256=KKq00EwoGnz1yLwCZr5Dfoq2izivmAdsNEEM4EhZwN4,1610
 ws4redis/utf8validator.py,sha256=S0OlfjeGRP75aO6CzZsF4oTjRQAgR17OWE9rgZdMBZA,5122
 ws4redis/websocket.py,sha256=R0TUyPsoVRD7Y_oU7w2I6NL4fPwiz5Vl94-fUkZgLHA,14848
-django_restit-4.2.164.dist-info/LICENSE.md,sha256=VHN4hhEeVOoFjtG-5fVv4jesA4SWi0Z-KgOzzN6a1ps,1068
-django_restit-4.2.164.dist-info/METADATA,sha256=cxD7mymamfcjCPYJNAbJ6Kkk9WMB_sHtqPA7wN8KPo8,7663
-django_restit-4.2.164.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-django_restit-4.2.164.dist-info/RECORD,,
+django_restit-4.2.166.dist-info/LICENSE.md,sha256=VHN4hhEeVOoFjtG-5fVv4jesA4SWi0Z-KgOzzN6a1ps,1068
+django_restit-4.2.166.dist-info/METADATA,sha256=UFrfXKJj92wJ-lgCMNHKLGE8dsK9hP9MKncpiq9O-jE,7663
+django_restit-4.2.166.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
+django_restit-4.2.166.dist-info/RECORD,,

incident/__init__.py

@@ -15,6 +15,9 @@ def _request_to_meta(request, metadata):
         metadata["buid"] = request.buid
     if "username" not in metadata and hasattr(request, "member") and request.member is not None:
         metadata["username"] = request.member.username
+    # if "group_name" not in metadata and hasattr(request, "group") and request.group is not None:
+    #     metadata['group_name'] = request.group.name
+    #     metadata['group_id'] = request.group.id
     return metadata
 
 

incident/migrations/0016_rule_notify_template.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.11 on 2025-01-03 19:20
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('incident', '0015_rule_title_template_alter_incident_state'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='rule',
+            name='notify_template',
+            field=models.TextField(default=None, null=True),
+        ),
+    ]

incident/models/incident.py

@@ -280,9 +280,7 @@ class Incident(models.Model, rm.RestModel, rm.MetaDataModel):
         try:
             action, perm = self.rule.action.split(":")
             members = Member.GetWithNotification(perm)
-            # count = self.getProperty("event_count", default=1, field_type=int)
-            url = F"{settings.INCIDENT_PORTAL_URL}?incident={self.pk}"
-            msg = f"Incident #{self.pk}\n{self.description}\n{url}"
+            msg = self.renderTemplate()
             for m in members:
                 m.sendSMS(msg)
         except Exception:
@@ -363,6 +361,29 @@ class Incident(models.Model, rm.RestModel, rm.MetaDataModel):
             context=dict(incident=self, portal_url=settings.INCIDENT_PORTAL_URL),
             email_only=True, from_email=INCIDENT_EMAIL_FROM)
 
+    def renderTemplate(self):
+        has_template = self.rule and self.rule.notify_template and not self.rule.notify_template.startswith("http")
+        url = self.renderURL()
+        if not has_template:
+            return f"Incident #{self.pk}\n{self.description}\n{url}"
+        template = self.rule.notify_template
+        try:
+            template = template.format(event=self)
+        except Exception:
+            pass
+        return template
+
+    def renderURL(self):
+        has_template = self.rule and self.rule.notify_template and self.rule.notify_template.startswith("http")
+        if not has_template:
+            return F"{settings.INCIDENT_PORTAL_URL}?incident={self.pk}"
+        url = self.rule.notify_template
+        try:
+            url = url.format(event=self)
+        except Exception:
+            pass
+        return url
+
     def lastSentAge(self):
         # prevent spams, only allow emails every 5 minutes
         if self.action_sent is None:

incident/models/rules.py

@@ -65,6 +65,7 @@ class Rule(models.Model, rm.RestModel):
 
     name = models.CharField(max_length=200)
     title_template = models.CharField(max_length=200, default=None, null=True)
+    notify_template = models.TextField(default=None, null=True)
     # the group the rule gets assigned to when triggered
     group = models.ForeignKey("account.Group", on_delete=models.CASCADE, null=True, default=None)
     # category allows us to limit running rules to only those with a category

incident/rpc.py

@@ -56,69 +56,85 @@ if settings.REPORT_PERMISSION_DENIED:
     rv.restPermissionDenied = patched_restPermissionDenied
 
 
+@rd.urlPOST(r'^ossec/alert/batch$')
+def batch_ossec_alert_creat_from_request(request):
+    batch = request.DATA.get("batch")
+    if not isinstance(batch, list):
+        return rv.restStatus(request, False, error="invalid format")
+    for alert in batch:
+        on_ossec_alert(request, alert)
+    return rv.restStatus(request, True)  
+
+
 @rd.urlPOST(r'^ossec/alert$')
 def ossec_alert_creat_from_request(request):
     payload = request.DATA.get("payload")
-    if payload:
-        try:
-            # TODO make this a task (background it)
-            # rh.log_error("parsing payload", payload)
-            od = ossec.parseAlert(request, payload)
-            # lets now create a local event
-            if od is not None:
-                level = 10
-                if od.level > 10:
-                    level = 1
-                elif od.level > 7:
-                    level = 2
-                elif od.level == 6:
-                    level = 3
-                elif od.level == 5:
-                    level = 4
-                elif od.level == 4:
-                    level = 6
-                elif od.level <= 3:
-                    level = 8
-                metadata = od.toDict(graph="default")
-                metadata.update(od.metadata)
-                # we reuse the ssh_sig because it is a text field to store urls
-                # ssh_sig = metadata.get("ssh_sig", None)
-                # if ssh_sig is not None and ssh_sig.startswith("http"):    
-                #     metadata["url"] = ssh_sig
-                #     metadata["domain"] = ossec.extractDomain(ssh_sig)
-                #     metadata["path"] = ossec.extractUrlPath(ssh_sig)
-                #     metadata.pop("ssh_sig")
-                if od.geoip:
-                    metadata["country"] = od.geoip.country
-                    metadata["city"] = od.geoip.city
-                    metadata["province"] = od.geoip.state
-                    metadata["isp"] = od.geoip.isp
-
-                am.Event.createFromDict(None, {
-                    "hostname": od.hostname,
-                    "description": od.title,
-                    "details": od.text,
-                    "level": level,
-                    "category": "ossec",
-                    "component": "incident.ServerOssecAlert",
-                    "component_id": od.id,
-                    "reporter_ip": od.src_ip,
-                    "metadata": metadata
-                })
-                return rv.restStatus(request, True)
-        except Exception as err:
-            rh.log_exception()
-            stack = rh.getStackString()
-            # rh.log_exception("during ossec alert", payload)
-            metadata = dict(ip=request.ip, payload=payload)
+    if not payload:
+        return rv.restStatus(request, False, error="no alert data")
+    on_ossec_alert(request, payload)
+    return rv.restStatus(request, True)
+
+
+def on_ossec_alert(request, alert):
+    try:
+        # TODO make this a task (background it)
+        # rh.log_error("parsing payload", payload)
+        od = ossec.parseAlert(request, alert)
+        # lets now create a local event
+        if od is not None:
+            level = 10
+            if od.level > 10:
+                level = 1
+            elif od.level > 7:
+                level = 2
+            elif od.level == 6:
+                level = 3
+            elif od.level == 5:
+                level = 4
+            elif od.level == 4:
+                level = 6
+            elif od.level <= 3:
+                level = 8
+            metadata = od.toDict(graph="default")
+            metadata.update(od.metadata)
+            # we reuse the ssh_sig because it is a text field to store urls
+            # ssh_sig = metadata.get("ssh_sig", None)
+            # if ssh_sig is not None and ssh_sig.startswith("http"):    
+            #     metadata["url"] = ssh_sig
+            #     metadata["domain"] = ossec.extractDomain(ssh_sig)
+            #     metadata["path"] = ossec.extractUrlPath(ssh_sig)
+            #     metadata.pop("ssh_sig")
+            if od.geoip:
+                metadata["country"] = od.geoip.country
+                metadata["city"] = od.geoip.city
+                metadata["province"] = od.geoip.state
+                metadata["isp"] = od.geoip.isp
+
             am.Event.createFromDict(None, {
-                "hostname": request.get_host(),
-                "description": f"error parseing alert: {err}",
-                "details": stack,
-                "level": 8,
-                "category": "ossec_error",
+                "hostname": od.hostname,
+                "description": od.title,
+                "details": od.text,
+                "level": level,
+                "category": "ossec",
+                "component": "incident.ServerOssecAlert",
+                "component_id": od.id,
+                "reporter_ip": od.src_ip,
                 "metadata": metadata
             })
+            return rv.restStatus(request, True)
+    except Exception as err:
+        rh.log_exception()
+        stack = rh.getStackString()
+        # rh.log_exception("during ossec alert", payload)
+        metadata = dict(ip=request.ip, payload=alert)
+        am.Event.createFromDict(None, {
+            "hostname": request.get_host(),
+            "description": f"error parseing alert: {err}",
+            "details": stack,
+            "level": 8,
+            "category": "ossec_error",
+            "metadata": metadata
+        })
     # rh.log_error("ossec alert", request.DATA.asDict())
     return rv.restStatus(request, False, error="no alert data")
 

rest/__init__.py

@@ -1,4 +1,4 @@
 from .uberdict import UberDict  # noqa: F401
 from .settings_helper import settings  # noqa: F401
 
-__version__ = "4.2.164"
+__version__ = "4.2.166"